check of CNAME chain in replies from cache.

git-svn-id: file:///svn/unbound/trunk@441 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/worker.c

@@ -225,6 +225,25 @@ worker_handle_control_cmd(struct comm_point* c, void* arg, int error,
 /** check cname chain in cache reply */
 static int
 check_cache_chain(struct reply_info* rep) {
+	/* check only answer section rrs for matching cname chain.
+	 * the cache may return changed rdata, but owner names are untouched.*/
+	size_t i;
+	uint8_t* sname = rep->rrsets[0]->rk.dname;
+	size_t snamelen = rep->rrsets[0]->rk.dname_len;
+	for(i=0; i<rep->an_numrrsets; i++) {
+		uint16_t t = ntohs(rep->rrsets[i]->rk.type);
+		if(t == LDNS_RR_TYPE_DNAME)
+			continue; /* skip dnames; note TTL 0 not cached */
+		/* verify that owner matches current sname */
+		if(query_dname_compare(sname, rep->rrsets[i]->rk.dname) != 0){
+			/* cname chain broken */
+			return 0;
+		}
+		/* if this is a cname; move on */
+		if(t == LDNS_RR_TYPE_CNAME) {
+			get_cname_target(rep->rrsets[i], &sname, &snamelen);
+		}
+	}
 	return 1;
 }
 

doc/Changelog

@@ -1,3 +1,6 @@
+20 July 2007: Wouter
+	- Check CNAME chain before returning cache entry with CNAMEs.
+
 19 July 2007: Wouter
 	- shuffle NS selection when getting nameserver target addresses.
 	- fixup of deadlock warnings, yield cpu in checklock code so that